Install replica script

install-replica.sh

!#/bin/bash

# First: Install the Replica key so it can download the repos
# Seconds: Run with `sudo bash ./install-replica.sh`

# Upgrade The Base Packages

export DEBIAN_FRONTEND=noninteractive

echo "\n\n========= APG-GET UPDATE =========="

apt-get update
apt-get upgrade -y
apt autoremove -y


echo "\n\n========= Add A Few PPAs To Stay Current =========="
apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages software-properties-common

# apt-add-repository ppa:fkrull/deadsnakes-python2.7 -y
# apt-add-repository ppa:nginx/development -y
# apt-add-repository ppa:chris-lea/redis-server -y
apt-add-repository ppa:ondrej/apache2 -y
apt-add-repository ppa:ondrej/php -y

# Setup MySQL 5.7 Repositories


echo "\n\n======== UPDATE PACKAGES ==========="

apt-get update

# Base Packages
echo "\n\n======== INSTALL BASE PACKAGES ==========="

apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages build-essential curl fail2ban gcc git libmcrypt4 libpcre3-dev \
make python2.7 python-pip sendmail supervisor ufw unattended-upgrades unzip whois zsh htop

echo "\n\n======== INSTALL HTTPIE ==========="

pip install httpie

echo "\n\n======== Disable Password Authentication Over SSH ==========="

sed -i "/PasswordAuthentication yes/d" /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "PasswordAuthentication no" | sudo tee -a /etc/ssh/sshd_config


echo "\n\n======== RESTART SSH ==========="

ssh-keygen -A
service ssh restart

echo "\n\n======== SET HOSTNAME TO REVOPI ==========="

echo "revopi.local" > /etc/hostname
sed -i 's/127\.0\.0\.1.*localhost/127.0.0.1 revopi.local localhost/' /etc/hosts
hostname revopi.local


echo "\n\n======== SET TIMEZONE ==========="

# ln -sf /usr/share/zoneinfo/UTC /etc/localtime
ln -sf /usr/share/zoneinfo/UTC /etc/localtime

echo "\n\n======== CREATE ROOT .SSH DIRECTORY ==========="
if [ ! -d /root/.ssh ]
then
    mkdir -p /root/.ssh
    touch /root/.ssh/authorized_keys
fi

echo "\n\n======== SETUP FORGE USER ==========="

useradd forge
mkdir -p /home/forge/.ssh
mkdir -p /home/forge/.forge
adduser forge sudo

echo "\n\n======== SETUP BASH FOR FORGE USER ==========="

chsh -s /bin/bash forge
cp /root/.profile /home/forge/.profile
cp /root/.bashrc /home/forge/.bashrc

echo "\n\n======== SET THE SUDO PASSWORD FOR FORGE ==========="

PASSWORD=$(mkpasswd revopipswd)
usermod --password $PASSWORD forge

# Build Formatted Keys & Copy Keys To Forge


#cat > /root/.ssh/authorized_keys << EOF
# Laravel Forge
#ssh-rsa abc12345 worker@forge.laravel.com
#
#
#EOF


cp /root/.ssh/authorized_keys /home/forge/.ssh/authorized_keys

# Create The Server SSH Key
# We already copy it the one that is able to access revoreplica repos
# ssh-keygen -f /home/forge/.ssh/id_rsa -t rsa -N ''

# Copy Source Control Public Keys Into Known Hosts File

ssh-keyscan -H github.com >> /home/forge/.ssh/known_hosts
ssh-keyscan -H bitbucket.org >> /home/forge/.ssh/known_hosts
ssh-keyscan -H gitlab.com >> /home/forge/.ssh/known_hosts

echo "\n\n======== CONFIGURE GIT SETTINGS ==========="

git config --global user.name "Revo Pi"
git config --global user.email "revopi@revo.works"


echo "\n\n======== SETUP FORGE HOME ==========="

chown -R forge:forge /home/forge
chmod -R 755 /home/forge
chmod 700 /home/forge/.ssh/id_rsa

echo "\n\n======== SETUP FIREWALL ==========="

ufw allow 22
ufw allow 80
ufw allow 8080/tcp
ufw allow 443
ufw --force enable

# Allow FPM Restart

echo "forge ALL=NOPASSWD: /usr/sbin/service php7.1-fpm reload" > /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.0-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php5.6-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php5-fpm reload" >> /etc/sudoers.d/php-fpm

echo "\n\n======== INSTALL APACHE ========="

apt install apache2 -y --allow-downgrades --allow-remove-essential --allow-change-held-packages
a2enmod rewrite
a2enmod userdir

cat << EOF >> /etc/apache2/apache2.conf  
<Directory /home/forge/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
EOF

a2dissite 000-default.conf 
systemctl restart apache2
systemctl enable apache2.service

# TODO: ALLOW OVERRIDES

#<Directory /home/forge/>
#   Options Indexes FollowSymLinks
#   AllowOverride All
#   Require all granted
#</Directory>

echo "\n\n======== INSTALL PHP ==========="


apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages php7.1-cli php7.1-dev \
php7.1-pgsql php7.1-sqlite3 php7.1-gd \
php7.1-curl php7.1-memcached \
php7.1-imap php7.1-mysql php7.1-mbstring \
php7.1-xml php7.1-zip php7.1-bcmath php7.1-soap \
php7.1-intl php7.1-readline php7.1-mcrypt

echo "\n\n======== INSTALL PHP RELATED MODULES ==========="
apt install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages php libapache2-mod-php php-common php-mbstring php-xmlrpc php-soap php-gd php-xml php-intl php-mysql php-cli php-zip php-curl


echo "\n\n======== INSTALL COMPOSER ==========="

curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer

echo "\n\n======== SETUP PHP ==========="

sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.1/cli/php.ini
sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.1/cli/php.ini
sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.1/cli/php.ini
sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.1/cli/php.ini

# Configure Sessions Directory Permissions

chmod 733 /var/lib/php/sessions
chmod +t /var/lib/php/sessions


#
# REQUIRES:
#       - server (the forge server instance)
#       - site_name (the name of the site folder)
#



# Add Forge User To www-data Group

usermod -a -G www-data forge
id forge
groups forge


#curl --silent --location https://deb.nodesource.com/setup_6.x | bash -

#apt-get update

#sudo apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages nodejs

#npm install -g pm2
#npm install -g gulp
#npm install -g yarn

    #
# REQUIRES:
#       - server (the forge server instance)
#       - db_password (random password for mysql user)
#

# Set The Automated Root Password
echo "\n\n======== SETUP MySQL ==========="

export DEBIAN_FRONTEND=noninteractive

debconf-set-selections <<< "mariadb-server-10.0 mysql-server/data-dir select ''"
debconf-set-selections <<< "mariadb-server-10.0 mysql-server/root_password password ABC123456789"
debconf-set-selections <<< "mariadb-server-10.0 mysql-server/root_password_again password ABC123456789"

# Install MySQL

apt-get install -y mariadb-server
systemctl enable mysql.service

# Configure Password Expiration

# echo "default_password_lifetime = 0" >> /etc/mysql/my.cnf

# Configure Access Permissions For Root & Forge Users

sed -i '/^bind-address/s/bind-address.*=.*/bind-address = */' /etc/mysql/my.cnf
mysql --user="root" --password="ABC123456789" -e "GRANT ALL ON *.* TO root@'12.34.56.78' IDENTIFIED BY 'ABC123456789';"
mysql --user="root" --password="ABC123456789" -e "GRANT ALL ON *.* TO root@'%' IDENTIFIED BY 'ABC123456789';"
service mysql restart

mysql --user="root" --password="ABC123456789" -e "CREATE USER 'forge'@'12.34.56.78' IDENTIFIED BY 'ABC123456789';"
mysql --user="root" --password="ABC123456789" -e "GRANT ALL ON *.* TO 'forge'@'12.34.56.78' IDENTIFIED BY 'ABC123456789' WITH GRANT OPTION;"
mysql --user="root" --password="ABC123456789" -e "GRANT ALL ON *.* TO 'forge'@'%' IDENTIFIED BY 'ABC123456789' WITH GRANT OPTION;"
mysql --user="root" --password="ABC123456789" -e "FLUSH PRIVILEGES;"

# Set Character Set

echo "" >> /etc/mysql/my.cnf
echo "[mysqld]" >> /etc/mysql/my.cnf
echo "character-set-server = utf8" >> /etc/mysql/my.cnf

# Create The Initial Database If Specified

mysql --user="root" --password="ABC123456789" -e "CREATE DATABASE revo;"


#
# REQUIRES:
#       - server (the forge server instance)
#       - db_password (random password for database user)
#


# Configure The Timezone

#sudo sed -i "s/localtime/UTC/" /etc/postgresql/9.5/main/postgresql.conf
#service postgresql restart

# Create The Initial Database If Specified

#sudo -u postgres /usr/bin/createdb --echo --owner=forge forge


# Install & Configure Redis Server

apt-get install -y redis-server
sed -i 's/bind 127.0.0.1/bind 0.0.0.0/' /etc/redis/redis.conf
service redis-server restart
# Install & Configure Memcached

apt-get install -y memcached
sed -i 's/-l 127.0.0.1/-l 0.0.0.0/' /etc/memcached.conf
service memcached restart
# Install & Configure Beanstalk

apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages beanstalkd
sed -i "s/BEANSTALKD_LISTEN_ADDR.*/BEANSTALKD_LISTEN_ADDR=0.0.0.0/" /etc/default/beanstalkd
sed -i "s/#START=yes/START=yes/" /etc/default/beanstalkd
/etc/init.d/beanstalkd start

# Configure Supervisor Autostart

systemctl enable supervisor.service
service supervisor start

# Configure Swap Disk

if [ -f /swapfile ]; then
    echo "Swap exists."
else
    fallocate -l 1G /swapfile
    chmod 600 /swapfile
    mkswap /swapfile
    swapon /swapfile
    echo "/swapfile none swap sw 0 0" >> /etc/fstab
    echo "vm.swappiness=30" >> /etc/sysctl.conf
    echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
fi

# Setup Unattended Security Upgrades

cat > /etc/apt/apt.conf.d/50unattended-upgrades << EOF
Unattended-Upgrade::Allowed-Origins {
    "Ubuntu xenial-security";
};
Unattended-Upgrade::Package-Blacklist {
    //
};
EOF

cat > /etc/apt/apt.conf.d/10periodic << EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF

echo "\n\n========= INSTALL REVO =========="
mysql --user="root" --password="ABC123456789" -e "CREATE DATABASE Revo;"

FOLDER=/home/forge/revoreplica

sudo -u forge mkdir -p $FOLDER
sudo -u forge git clone git@bitbucket.org:revo-pos/revo-pi-admin.git $FOLDER
sudo -u forge composer install -d $FOLDER --no-dev --prefer-dist
sudo -u forge cp $FOLDER/.env.example $FOLDER/.env
sudo -u forge sed - i "s/DB_DATABASE=homestead/DB_DATABASE=revo/" $FOLDER/.env
sudo -u forge sed - i "s/DB_USERNAME=homestead/DB_USERNAME=forge/" $FOLDER/.env
sudo -u forge sed - i "s/DB_PASSWORD=secret/DB_PASSWORD=ABC123456789/" $FOLDER/.env
#sudo -u forge chmod -R 777 $FOLDER/storage
sudo -u forge php $FOLDER/artisan key:generate
sudo -u forge php $FOLDER/artisan migrate --seed

cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/revoreplica.conf
sed -i "s/var\/www\/html/home\/forge\/revoreplica\/public/" /etc/apache2/sites-available/revoreplica.conf
sed -i "s/#ServerName www.example.com/Servername revopi.local/" /etc/apache2/sites-available/revoreplica.conf
a2ensite revoreplica

echo "\n\n========= INSTALL REVO REPLICA =========="
mysql --user="root" --password="ABC123456789" -e "CREATE DATABASE RevoPi;"

FOLDER=/home/forge/revoreplicaadmin
sudo -u forge mkdir -p $FOLDER
sudo -u forge git clone git@bitbucket.org:revo-pos/revo-pi-admin.git $FOLDER
sudo -u forge composer install -d $FOLDER --no-dev --prefer-dist
sudo -u forge cp $FOLDER/.env.server $FOLDER/.env
sudo -u forge sed - i "s/DB_USERNAME=root/DB_USERNAME=forge/" $FOLDER/.env
sudo -u forge sed - i "s/DB_PASSWORD=/DB_PASSWORD=ABC123456789/" $FOLDER/.env
sudo -u forge php $FOLDER/artisan key:generate
sudo -u forge php $FOLDER/artisan migrate --seed

cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/revoreplicaadmin.conf
sed -i "s/var\/www\/html/home\/forge\/revoreplicaadmin\/public/" /etc/apache2/sites-available/revoreplicaadmin.conf
sed -i "s/#ServerName www.example.com/Servername revopi.local/" /etc/apache2/sites-available/revoreplicaadmin.conf
sed -i "s/:80>/:8080>/" /etc/apache2/sites-available/revoreplicaadmin.conf
echo "Listen 8080" | sudo tee -a /etc/apache2/sites-available/revoreplicaadmin.conf
a2ensite revoreplicaadmin

sudo service apache2 restart